
Symantec Power Eraser using Symantec Help (SymHelp) Tool.

Created: 08 Mar 2013 • Updated: 21 May 2013 | 7 comments
Mithun Sanghavi

Hello,

The Symantec Power Eraser is aimed at the detection and clean-up of "zero-day" threats as well as other threats which may have infected the user’s system. Zero-day threats are those that take advantage of a newly discovered hole in a program or operating system before the developers have made a fix available – or before they are even aware that a hole exists.

NOTE: An Internet connection is recommended when using SymHelp and Symantec Power Eraser. It allows the latest version of SymHelp and the latest Power Eraser definitions to be downloaded when Symantec Power Eraser runs. If there is no Internet connection, Power Eraser uses the default definitions that are available with the SymHelp Tool.

To Remove a Threat Using Symantec Power Eraser

1. Start your Symantec Help Tool. Download Page: The Symantec Help (SymHelp) Tool

2. Upon installation of Symantec Help Tool, select "Symantec Power Eraser" as shown in the diagram below.

[Image: 1_power_E.JPG]

 

3. The Symantec Power Eraser GUI gives us the following options:

  • Scan for Risks - "Include a Rootkit Scan" is additionally available for selection; this will require a reboot.
  • History - shows the results of previous Power Eraser sessions; files that were previously detected can also be recovered from here.
  • Settings - lets you select the "Include a Rootkit Scan" option and set up a network configuration.

 

4. When the scan completes, note what files were identified (some legitimate files may be identified) and select any suspicious programs you wish to remove and click Fix (this will cause the system to reboot). You may wish to select to save a copy of the log records to the desktop.

5. Have the user continue to operate their computer and perform any specific behaviors that would normally cause the symptoms to appear.

 

 

To Undo a Change Using Symantec Power Eraser

1. Launch the Symantec Help Tool and select Symantec Power Eraser.

2. Click History.

3. Select the Session you want to restore and click on "Restore".

 

 

FAQ

  1. Is Symantec Power Eraser (SPE) safe to use on a Windows server?
    • Yes.
  2. What ports need to be open?
    • To get SPE to work on a restricted network, we recommend that you open all HTTP and HTTPS traffic from *.symantec.com and *.norton.com.
  3. When should I use the product in safe mode with networking vs. regular mode?
    • The tool should be run in normal mode first. Some threats block the tool from running in normal mode or block all exe files from running. In these cases, a second attempt should be made by running the tool in safe mode with networking.
  4. What threat families is the tool most effective at remediating?
    • SPE is effective against known and unknown threats with the exception of file infectors.
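
An added example (not part of the original article or of any Symantec tooling) showing how the egress exception from FAQ item 2 can be evaluated so that only real subdomains of the two wildcards match. The default-port restriction, the subdomain-only reading of the wildcard, and the sample host names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Wildcards come from the FAQ answer; limiting each scheme to its
# default port is an assumption added here to keep the exception narrow.
ALLOWED_WILDCARDS = ("*.symantec.com", "*.norton.com")
DEFAULT_PORTS = {"http": 80, "https": 443}


def host_matches(host: str, wildcard: str) -> bool:
    """True only if host is a subdomain of the wildcard's suffix.

    Matching on ".suffix" enforces a DNS label boundary, so a lookalike
    such as "evilsymantec.com" does not satisfy "*.symantec.com".
    """
    if not wildcard.startswith("*."):
        raise ValueError("expected a wildcard of the form *.example.com")
    suffix = wildcard[2:].lower()
    host = host.lower().rstrip(".")  # tolerate a trailing root dot
    return host.endswith("." + suffix)


def is_allowed(url: str) -> bool:
    """Decide whether an outbound URL falls inside the SPE exception."""
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORTS:
        return False
    host = parts.hostname  # excludes any user:password@ prefix
    if not host:
        return False
    try:
        port = parts.port or DEFAULT_PORTS[parts.scheme]
    except ValueError:  # malformed or out-of-range port
        return False
    if port != DEFAULT_PORTS[parts.scheme]:
        return False
    return any(host_matches(host, w) for w in ALLOWED_WILDCARDS)


def audit(urls):
    """Map each URL to the allow/deny decision for review."""
    return {u: is_allowed(u) for u in urls}


# Constructed sample destinations; the host names are placeholders.
SAMPLES = [
    "https://host1.symantec.com/defs",
    "https://evilsymantec.com/defs",
    "https://symantec.com.example.net/defs",
    "https://host1.symantec.com@example.net/defs",
]
```
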

Consider Using Symantec Power Eraser when:

You have an outbreak on a small number of workstations or Windows servers

The user describes symptoms of Fake/Rogue AV such as:
  • A recurring pop-up notification
  • Alerts indicating that they are infected
  • Prompts to register (buy) the solution
  • Fake Blue Screen Of Death messages

Important to note - Symantec Power Eraser:
  • Is not a solution to be deployed or implemented on large scale outbreaks.
  • Is not a replacement for regular daily AV scanners.
  • Will go through the process of rebooting the machine up to 2 times if it suspects that the machine is infected with malware, using the remediation workflow.
  • Will not protect against re-infection. Users should verify that their Symantec product is receiving updated virus definitions. This will ensure they are protected.

The Benefits of Running Symantec Power Eraser

  • Expedites your helpdesk team process by using Symantec Power Eraser as a first response remediation tactic.
  • Reduces employee downtime by allowing users to return to work more quickly.
  • Requires no backup and restoring of files as compared to the reimaging of systems.
  • Common alternatives, such as individual threat remediation with threat-specific remediation tools or reimaging the workstations and restoring files, require more time and decrease the productivity of the helpdesk team and the impacted employee.

 

7 Comments

kishorilal1986

Hi Mithun,

Nice Article to help us while working on SEP to remove threat.

Thanks once again.

+1
RicheeDiaz

Thanks Mithun for the Wonderful Article.

Thanks

Richard

+1
honey_jack

Nice Article.

Thanks & Regard

Honey Jack

 

If your issue has been solved, please use the "Mark as Solution" for the valid thread.

0
Mick2009

Just adding a couple cross-references that may be of interest to those using Power Eraser:

About Symantec Power Eraser
http://www.symantec.com/docs/TECH134803

Using Symantec Help (SymHelp) Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.
https://www-secure.symantec.com/connect/articles/using-symantec-help-symhelp-tool-how-do-we-collect-suspicious-files-and-submit-same-symante

 

With thanks and best regards,

Mick

0
nwranich

Great article.  Very informative.  I have not used Power Eraser before, but will have to try it if the need ever arises.

0
Mick2009

Linking this article, which has a video on the topic:

How to run Symantec Power Eraser with the SymHelp utility
Article URL http://www.symantec.com/docs/TECH203683

With thanks and best regards,

Mick

0